[Box Backup-commit] COMMIT r2272 - box/trunk/lib/backupclient
boxbackup-dev at fluffy.co.uk
boxbackup-dev at fluffy.co.uk
Sat Sep 6 11:50:34 BST 2008
Author: chris
Date: 2008-09-06 11:50:33 +0100 (Sat, 06 Sep 2008)
New Revision: 2272
Modified:
box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp
Log:
Reformat for readability.
Use SecureZeroMemory rather than memset() to wipe key material on Windows.
Modified: box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp
===================================================================
--- box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp 2008-09-06 10:47:41 UTC (rev 2271)
+++ box/trunk/lib/backupclient/BackupClientCryptoKeys.cpp 2008-09-06 10:50:33 UTC (rev 2272)
@@ -35,33 +35,51 @@
// Open the file
FileStream file(rKeyMaterialFilename);
+
// Read in data
if(!file.ReadFullBuffer(KeyMaterial, BACKUPCRYPTOKEYS_FILE_SIZE, 0))
{
THROW_EXCEPTION(BackupStoreException, CouldntLoadClientKeyMaterial)
}
- // Tell the filename how to encrypt
- BackupStoreFilenameClear::SetBlowfishKey(KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_KEY_START, BACKUPCRYPTOKEYS_FILENAME_KEY_LENGTH,
- KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_IV_START, BACKUPCRYPTOKEYS_FILENAME_IV_LENGTH);
- BackupStoreFilenameClear::SetEncodingMethod(BackupStoreFilename::Encoding_Blowfish);
+ // Setup keys and encoding method for filename encryption
+ BackupStoreFilenameClear::SetBlowfishKey(
+ KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_KEY_START,
+ BACKUPCRYPTOKEYS_FILENAME_KEY_LENGTH,
+ KeyMaterial + BACKUPCRYPTOKEYS_FILENAME_IV_START,
+ BACKUPCRYPTOKEYS_FILENAME_IV_LENGTH);
+ BackupStoreFilenameClear::SetEncodingMethod(
+ BackupStoreFilename::Encoding_Blowfish);
- // Tell the attributes how to encrypt
- BackupClientFileAttributes::SetBlowfishKey(KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START, BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH);
- // and the secret for hashing
- BackupClientFileAttributes::SetAttributeHashSecret(KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_START, BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_LENGTH);
+ // Setup key for attributes encryption
+ BackupClientFileAttributes::SetBlowfishKey(
+ KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START,
+ BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH);
- // Tell the files how to encrypt
- BackupStoreFile::SetBlowfishKeys(KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START, BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH,
- KeyMaterial + BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_START, BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_LENGTH);
+ // Setup secret for attribute hashing
+ BackupClientFileAttributes::SetAttributeHashSecret(
+ KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_START,
+ BACKUPCRYPTOKEYS_ATTRIBUTE_HASH_SECRET_LENGTH);
+
+ // Setup keys for file data encryption
+ BackupStoreFile::SetBlowfishKeys(
+ KeyMaterial + BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_START,
+ BACKUPCRYPTOKEYS_ATTRIBUTES_KEY_LENGTH,
+ KeyMaterial + BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_START,
+ BACKUPCRYPTOKEYS_FILE_BLOCK_ENTRY_KEY_LENGTH);
+
#ifndef HAVE_OLD_SSL
// Use AES where available
- BackupStoreFile::SetAESKey(KeyMaterial + BACKUPCRYPTOKEYS_FILE_AES_KEY_START, BACKUPCRYPTOKEYS_FILE_AES_KEY_LENGTH);
+ BackupStoreFile::SetAESKey(
+ KeyMaterial + BACKUPCRYPTOKEYS_FILE_AES_KEY_START,
+ BACKUPCRYPTOKEYS_FILE_AES_KEY_LENGTH);
#endif
// Wipe the key material from memory
- ::memset(KeyMaterial, 0, BACKUPCRYPTOKEYS_FILE_SIZE);
+ #ifdef _MSC_VER // not defined on MinGW
+ SecureZeroMemory(KeyMaterial, BACKUPCRYPTOKEYS_FILE_SIZE);
+ #else
+ ::memset(KeyMaterial, 0, BACKUPCRYPTOKEYS_FILE_SIZE);
+ #endif
}
-
-
More information about the Boxbackup-commit
mailing list